Taint(3)          User Contributed Perl Documentation          Taint(3)

Test::Taint - Tools to test taintedness

Version 1.04

$Header: /home/cvs/test-taint/Taint.pm,v 1.16 2004/08/10 03:06:57 andy Exp $

    taint_checking_ok();        # We have to have taint checking on
    my $id = "deadbeef";        # Dummy session ID
    taint( $id );               # Simulate it coming in from the web
    tainted_ok( $id );
    $id = validate_id( $id );   # Your routine to check the $id
    untainted_ok( $id );        # Did it come back clean?
    ok( defined $id );

Tainted data is data that comes from an unsafe source, such as the
command line, or, in the case of web apps, any GET or POST transactions.
Read the perlsec man page for details on why tainted data is bad, and
how to untaint the data.

When you're writing unit tests for code that deals with tainted data,
you'll want to have a way to provide tainted data for your routines to
handle, and easy ways to check and report on the taintedness of your
data, in standard Test::More style.

All the "xxx_ok()" functions work like standard "Test::More"-style
functions: the last parameter is an optional message, the function
outputs ok or not ok, and it returns a boolean telling whether the test
passed.

taint_checking_ok( [$message] )

Test::More-style test that taint checking is on. This should probably
be the first thing in any *.t file that deals with taintedness.

tainted_ok( $var [, $message ] )

Checks that $var is tainted.

    tainted_ok( $ENV{FOO} );

untainted_ok( $var [, $message ] )

Checks that $var is not tainted.

    my $foo = my_validate( $ENV{FOO} );
    untainted_ok( $foo );

tainted_ok_deeply( $var [, $message ] )

Checks that $var is tainted. If $var is a reference, it recursively
checks every variable to make sure they are all tainted.

    tainted_ok_deeply( \%ENV );

untainted_ok_deeply( $var [, $message ] )

Checks that $var is not tainted. If $var is a reference, it recursively
checks every variable to make sure they are all not tainted.

    my %env = my_validate( \%ENV );
    untainted_ok_deeply( \%env );

These are all helper functions. Most are wrapped by an "xxx_ok()"
counterpart, except for "taint", which actually does something instead
of just reporting it.

taint_checking()

Returns true if taint checking is enabled via the -T flag.

tainted( $var )

Returns a boolean saying whether $var is tainted.

tainted_deeply( $var )

Returns a boolean saying whether $var is tainted. If $var is a reference,
it recursively checks every variable to make sure they are all tainted.

taint( @list )

Marks each (apparently) taintable argument in @list as being tainted.

References can be tainted like any other scalar, but it doesn't make
sense to, so they will not be tainted by this function.

Some "tie"d and magical variables may fail to be tainted by this
routine, try as it may.

taint_deeply( @list )

Similar to "taint", except that if any elements in @list are references,
it walks deeply into the data structure and marks each taintable
argument as being tainted.

If any variables are "tie"d this will taint all the scalars within the
tied object.
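
Example (added here, not part of the Test::Taint distribution): a test file that feeds tainted scalars and a tainted hash through a validator and checks what comes back. The routines validate_id and validate_params, the hex ID format, and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the Test::Taint distribution. Run as: perl -T id.t
use strict;
use warnings;
use Test::More tests => 9;
use Test::Taint;

# Hypothetical validator (assumption): an ID is 8 to 32 lowercase hex digits.
# Returning the regex capture $1 is what untaints the value (see perlsec);
# returning $raw after a successful match would still hand back tainted data.
sub validate_id {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $1 if $raw =~ /\A([0-9a-f]{8,32})\z/;
    return undef;
}

# Hypothetical helper (assumption): keep only the fields that validate.
sub validate_params {
    my ($in) = @_;
    my %clean;
    for my $key ( keys %$in ) {
        my $id = validate_id( $in->{$key} );
        $clean{$key} = $id if defined $id;
    }
    return \%clean;
}

taint_checking_ok();

my $id = 'deadbeef';                 # constructed sample input
taint($id);
tainted_ok( $id, 'simulated web input is tainted' );
my $clean = validate_id($id);
is( $clean, 'deadbeef', 'well-formed ID accepted' );
untainted_ok( $clean, 'accepted ID comes back untainted' );

my $bad = 'dead beef!';              # constructed malformed input
taint($bad);
ok( !defined validate_id($bad), 'malformed ID rejected' );
tainted_ok( $bad, 'rejected input is still tainted' );

my %params = ( session => 'cafebabe', parent => 'not hex' );
taint_deeply( \%params );
tainted_ok_deeply( \%params, 'every value in the hash is tainted' );
my $validated = validate_params( \%params );
untainted_ok_deeply( $validated, 'validated copy holds no tainted values' );
is_deeply( $validated, { session => 'cafebabe' }, 'only the valid field kept' );
```

Changing validate_id to return $raw instead of $1 makes both untainted_ok() and untainted_ok_deeply() fail, which is the regression this kind of test is meant to catch.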

Written by Andy Lester, "<andy@petdance.com>".

Copyright 2004, Andy Lester, All Rights Reserved.

You may use, modify, and distribute this package under the same terms
as Perl itself.

perl v5.8.8                      2004-08-09                      Taint(3)